More than 10 million attacks were launched last year – with more in 2021.
The weapons available to cybercriminals vary wildly, from precision-targeted attacks using finely tuned phishing techniques to the cluster bombs of distributed denial of service (DDoS) attacks. And while the latter has become less of the focus of attention at the expense of the chaos the former can wreak, it doesn’t mean they aren’t an issue.
A record number of DDoS attacks were waged in 2020, according to new data from NETSCOUT’s ATLAS Security Engineering & Response Team.
They analysed the range of attacks on different sectors of the tech economy and what impact it had throughout the last year. In all, 10 million DDoS attacks were launched during 2020. “While most of the world has experienced an unprecedented global health crisis over the last year, malicious actors have seen new vulnerabilities and opportunity,” says Richard Hummel, threat intelligence lead at NETSCOUT.
But if record levels of DDoS attacks in 2020 were a concern, it’s what's to come in 2021 that is keeping cybersecurity experts awake at night.
Even higher levels expected in 2021
We aren’t yet halfway through the year, but already levels of DDoS attacks during 2021 seem to be beating even the record highs seen in the previous 12 months. Threat actors launched approximately 2.9 million DDoS attacks in the first quarter of 2021, a 31% increase from the same time in 2020, says NETSCOUT.
“Unfortunately, it is unsurprising that attack activity has risen to such an extent at the beginning of this year.”says Hummel.
“It is clear that, at a time when organisations have depended so heavily on online services, threat actors have taken advantage and focused their efforts on targeting crucial online platforms and services, including healthcare, education, financial services and e-commerce that we all rely on in our daily lives.
The breakdown of attacks, published on NETSCOUT’s blog, makes for sobering reading. While traditionally the first two months of the year are usually the slowest months in the DDoS attack calendar, this year January set record levels, with 972,000 attacks launched in one month alone.
Record breaking at all points
When the average number of attacks waged per month topped 800,000 in 2020, NETSCOUT were surprised. But the average so far this year, with each month going above 900,000 attacks, is even more astounding.
“As attack frequency and complexity increases, it is imperative that defenders and security professionals remain vigilant to protect the critical infrastructure that connects and enables the modern world.”
For those looking to try and avoid being victims of DDoS attacks, it can be useful to look at the details of the attacks monitored by NETSCOUT. Attack size remained relatively flat, with no massive terabit attacks observed, according to the company, while attackers also seem to have settled on a duration sweet spot of five to 10 minutes – present in 42% of attacks. The proportion of attacks lasting under five minutes dropped from 24% to 19%, while longer-duration attack numbers did not change appreciably, they say.
The targets of DDoS attacks remain the same core groups you would expect. Healthcare saw a 53% year on year increase in the number of attacks between the first quarter of 2021 and the first quarter of 2020. Education – important, given many of us are teaching or being taught online – saw attacks increase 41% over the same period, while attacks on platforms such as Netflix and Zoom actually decreased by 20% over the last three quarters. Vigilance remains key to try and ward off such attacks, and for that reason it’s important to be aware of the risks involved from DDoS attacks.